From 31ecd41c8fd69fbe7a62e97b0cc5e2583e3447e3 Mon Sep 17 00:00:00 2001
From: James Booth <boothj5@gmail.com>
Date: Sun, 18 Oct 2015 00:03:15 +0100
Subject: [PATCH 1/3] Renamed PREF_CERT_PATH -> PREF_TLS_CERTPATH

---
 src/command/commands.c   | 6 +++---
 src/config/preferences.c | 6 +++---
 src/config/preferences.h | 2 +-
 src/xmpp/connection.c    | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/command/commands.c b/src/command/commands.c
index 808f573e..370c466c 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -168,18 +168,18 @@ cmd_tls(ProfWin *window, const char * const command, gchar **args)
             }
 
             if (g_file_test(args[2], G_FILE_TEST_IS_DIR)) {
-                prefs_set_string(PREF_CERT_PATH, args[2]);
+                prefs_set_string(PREF_TLS_CERTPATH, args[2]);
                 cons_show("Certificate path set to: %s", args[2]);
             } else {
                 cons_show("Directory %s does not exist.", args[2]);
             }
             return TRUE;
         } else if (g_strcmp0(args[1], "clear") == 0) {
-            prefs_set_string(PREF_CERT_PATH, NULL);
+            prefs_set_string(PREF_TLS_CERTPATH, NULL);
             cons_show("Certificate path cleared");
             return TRUE;
         } else if (args[1] == NULL) {
-            char *path = prefs_get_string(PREF_CERT_PATH);
+            char *path = prefs_get_string(PREF_TLS_CERTPATH);
             if (path) {
                 cons_show("Trusted certificate path: %s", path);
                 prefs_free_string(path);
diff --git a/src/config/preferences.c b/src/config/preferences.c
index 746e76d4..283e9158 100644
--- a/src/config/preferences.c
+++ b/src/config/preferences.c
@@ -634,7 +634,7 @@ _get_group(preference_t pref)
         case PREF_CARBONS:
         case PREF_RECEIPTS_SEND:
         case PREF_RECEIPTS_REQUEST:
-        case PREF_CERT_PATH:
+        case PREF_TLS_CERTPATH:
             return PREF_GROUP_CONNECTION;
         case PREF_OTR_LOG:
         case PREF_OTR_POLICY:
@@ -781,8 +781,8 @@ _get_key(preference_t pref)
             return "enc.warn";
         case PREF_PGP_LOG:
             return "log";
-        case PREF_CERT_PATH:
-            return "certpath";
+        case PREF_TLS_CERTPATH:
+            return "tls.certpath";
         case PREF_TLS_SHOW:
             return "tls.show";
         case PREF_LASTACTIVITY:
diff --git a/src/config/preferences.h b/src/config/preferences.h
index bf5f1e46..46bdd550 100644
--- a/src/config/preferences.h
+++ b/src/config/preferences.h
@@ -111,7 +111,7 @@ typedef enum {
     PREF_INPBLOCK_DYNAMIC,
     PREF_ENC_WARN,
     PREF_PGP_LOG,
-    PREF_CERT_PATH,
+    PREF_TLS_CERTPATH,
     PREF_TLS_SHOW,
     PREF_LASTACTIVITY,
 } preference_t;
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index 2b7db8be..5a27a63e 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -435,7 +435,7 @@ _jabber_connect(const char * const fulljid, const char * const passwd,
     }
 
 #ifdef HAVE_LIBMESODE
-    char *cert_path = prefs_get_string(PREF_CERT_PATH);
+    char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
     if (cert_path) {
         xmpp_conn_tlscert_path(jabber_conn.conn, cert_path);
     }

From 9d2745e462eabafcab51e04ec9ad225a13cf9a6f Mon Sep 17 00:00:00 2001
From: James Booth <boothj5@gmail.com>
Date: Sun, 18 Oct 2015 00:17:45 +0100
Subject: [PATCH 2/3] Removed --disable-tls command line option

---
 docs/profanity.1                 |  6 +-----
 src/main.c                       |  4 +---
 src/profanity.c                  | 10 +++++-----
 src/profanity.h                  |  2 +-
 src/xmpp/connection.c            |  7 +------
 src/xmpp/xmpp.h                  |  2 +-
 tests/unittests/xmpp/stub_xmpp.c |  2 +-
 7 files changed, 11 insertions(+), 22 deletions(-)

diff --git a/docs/profanity.1 b/docs/profanity.1
index 63cd0677..64fa02e1 100644
--- a/docs/profanity.1
+++ b/docs/profanity.1
@@ -3,7 +3,7 @@
 Profanity \- a simple console based XMPP chat client.
 .SH SYNOPSIS
 .B profanity
-[\-vhd] [\-l level] [\-a account]
+[\-vh] [\-l level] [\-a account]
 .SH DESCRIPTION
 .B Profanity
 is a simple lightweight console based XMPP chat client. Its emphasis is 
@@ -25,10 +25,6 @@ Auto connect to an account on startup,
 .I ACCOUNT
 must be an existing account.
 .TP
-.BI "\-d, \-\-disable\-tls"
-Disable TLS for servers that either don't support it, or claim to but do not
-complete the handshake.
-.TP
 .BI "\-l, \-\-log "LEVEL
 Set the logging level,
 .I LEVEL
diff --git a/src/main.c b/src/main.c
index 49e1defc..42730049 100644
--- a/src/main.c
+++ b/src/main.c
@@ -42,7 +42,6 @@
 #include "profanity.h"
 #include "command/command.h"
 
-static gboolean disable_tls = FALSE;
 static gboolean version = FALSE;
 static char *log = "INFO";
 static char *account_name = NULL;
@@ -58,7 +57,6 @@ main(int argc, char **argv)
     static GOptionEntry entries[] =
     {
         { "version", 'v', 0, G_OPTION_ARG_NONE, &version, "Show version information", NULL },
-        { "disable-tls", 'd', 0, G_OPTION_ARG_NONE, &disable_tls, "Disable TLS", NULL },
         { "account", 'a', 0, G_OPTION_ARG_STRING, &account_name, "Auto connect to an account on startup" },
         { "log",'l', 0, G_OPTION_ARG_STRING, &log, "Set logging levels, DEBUG, INFO (default), WARN, ERROR", "LEVEL" },
         { NULL }
@@ -137,7 +135,7 @@ main(int argc, char **argv)
         return 0;
     }
 
-    prof_run(disable_tls, log, account_name);
+    prof_run(log, account_name);
 
     return 0;
 }
diff --git a/src/profanity.c b/src/profanity.c
index 4dc2af3d..8233178b 100644
--- a/src/profanity.c
+++ b/src/profanity.c
@@ -73,7 +73,7 @@
 #include "config/tlscerts.h"
 
 static void _check_autoaway(void);
-static void _init(const int disable_tls, char *log_level);
+static void _init(char *log_level);
 static void _shutdown(void);
 static void _create_directories(void);
 static void _connect_default(const char * const account);
@@ -92,9 +92,9 @@ char *saved_status;
 static gboolean cont = TRUE;
 
 void
-prof_run(const int disable_tls, char *log_level, char *account_name)
+prof_run(char *log_level, char *account_name)
 {
-    _init(disable_tls, log_level);
+    _init(log_level);
     _connect_default(account_name);
     ui_update();
 
@@ -297,7 +297,7 @@ _check_autoaway()
 }
 
 static void
-_init(const int disable_tls, char *log_level)
+_init(char *log_level)
 {
     setlocale(LC_ALL, "");
     // ignore SIGPIPE
@@ -326,7 +326,7 @@ _init(const int disable_tls, char *log_level)
     theme_init(theme);
     prefs_free_string(theme);
     ui_init();
-    jabber_init(disable_tls);
+    jabber_init();
     cmd_init();
     log_info("Initialising contact list");
     roster_init();
diff --git a/src/profanity.h b/src/profanity.h
index 269c616a..123e2f00 100644
--- a/src/profanity.h
+++ b/src/profanity.h
@@ -38,7 +38,7 @@
 #include "resource.h"
 #include "xmpp/xmpp.h"
 
-void prof_run(const int disable_tls, char *log_level, char *account_name);
+void prof_run(char *log_level, char *account_name);
 
 void prof_handle_idle(void);
 void prof_handle_activity(void);
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index 5a27a63e..fa29a70e 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -70,7 +70,6 @@ static struct _jabber_conn_t {
     jabber_conn_status_t conn_status;
     char *presence_message;
     int priority;
-    int tls_disabled;
     char *domain;
 } jabber_conn;
 
@@ -115,14 +114,13 @@ void _connection_free_saved_details(void);
 void _connection_free_session_data(void);
 
 void
-jabber_init(const int disable_tls)
+jabber_init(void)
 {
     log_info("Initialising XMPP");
     jabber_conn.conn_status = JABBER_STARTED;
     jabber_conn.presence_message = NULL;
     jabber_conn.conn = NULL;
     jabber_conn.ctx = NULL;
-    jabber_conn.tls_disabled = disable_tls;
     jabber_conn.domain = NULL;
     presence_sub_requests_init();
     caps_init();
@@ -430,9 +428,6 @@ _jabber_connect(const char * const fulljid, const char * const passwd,
     }
     xmpp_conn_set_jid(jabber_conn.conn, fulljid);
     xmpp_conn_set_pass(jabber_conn.conn, passwd);
-    if (jabber_conn.tls_disabled) {
-        xmpp_conn_disable_tls(jabber_conn.conn);
-    }
 
 #ifdef HAVE_LIBMESODE
     char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
diff --git a/src/xmpp/xmpp.h b/src/xmpp/xmpp.h
index 839df9a7..ddf83c64 100644
--- a/src/xmpp/xmpp.h
+++ b/src/xmpp/xmpp.h
@@ -137,7 +137,7 @@ typedef struct data_form_t {
 } DataForm;
 
 // connection functions
-void jabber_init(const int disable_tls);
+void jabber_init(void);
 jabber_conn_status_t jabber_connect_with_details(const char * const jid,
     const char * const passwd, const char * const altdomain, const int port);
 jabber_conn_status_t jabber_connect_with_account(const ProfAccount * const account);
diff --git a/tests/unittests/xmpp/stub_xmpp.c b/tests/unittests/xmpp/stub_xmpp.c
index 14a0b01d..ba1f2e34 100644
--- a/tests/unittests/xmpp/stub_xmpp.c
+++ b/tests/unittests/xmpp/stub_xmpp.c
@@ -6,7 +6,7 @@
 #include "xmpp/xmpp.h"
 
 // connection functions
-void jabber_init(const int disable_tls) {}
+void jabber_init(void) {}
 
 jabber_conn_status_t jabber_connect_with_details(const char * const jid,
     const char * const passwd, const char * const altdomain, const int port)

From 6640a0891fb51b74c8377745ee1e5585f741a0be Mon Sep 17 00:00:00 2001
From: James Booth <boothj5@gmail.com>
Date: Sun, 18 Oct 2015 03:06:23 +0100
Subject: [PATCH 3/3] Force tls on all connections, add tls policy account
 property

---
 src/command/command.c                  | 81 ++++++++++++++++++++++++--
 src/command/commands.c                 | 26 ++++++++-
 src/config/account.c                   | 10 +++-
 src/config/account.h                   |  4 +-
 src/config/accounts.c                  | 28 ++++++++-
 src/config/accounts.h                  |  3 +-
 src/event/client_events.c              |  4 +-
 src/event/client_events.h              |  2 +-
 src/ui/console.c                       |  3 +
 src/xmpp/connection.c                  | 32 +++++++---
 src/xmpp/xmpp.h                        |  2 +-
 tests/functionaltests/proftest.c       |  2 +-
 tests/functionaltests/test_connect.c   |  2 +-
 tests/unittests/config/stub_accounts.c |  1 +
 tests/unittests/test_cmd_account.c     | 14 ++---
 tests/unittests/test_cmd_connect.c     |  6 +-
 tests/unittests/test_cmd_join.c        |  8 +--
 tests/unittests/test_cmd_otr.c         |  2 +-
 tests/unittests/xmpp/stub_xmpp.c       |  2 +-
 19 files changed, 190 insertions(+), 42 deletions(-)

diff --git a/src/command/command.c b/src/command/command.c
index 1b8def1a..ec8696fe 100644
--- a/src/command/command.c
+++ b/src/command/command.c
@@ -168,12 +168,12 @@ static struct cmd_t command_defs[] =
     },
 
     { "/connect",
-        cmd_connect, parse_args, 0, 5, NULL,
+        cmd_connect, parse_args, 0, 7, NULL,
         CMD_TAGS(
             CMD_TAG_CONNECTION)
         CMD_SYN(
             "/connect [<account>]",
-            "/connect <account> [server <server>] [port <port>]")
+            "/connect <account> [server <server>] [port <port>] [tls force|allow|disable]")
         CMD_DESC(
             "Login to a chat service. "
             "If no account is specified, the default is used if one is configured. "
@@ -181,12 +181,16 @@ static struct cmd_t command_defs[] =
         CMD_ARGS(
             { "<account>",         "The local account you wish to connect with, or a JID if connecting for the first time." },
             { "server <server>",   "Supply a server if it is different to the domain part of your JID." },
-            { "port <port>",       "The port to use if different to the default (5222, or 5223 for SSL)." })
+            { "port <port>",       "The port to use if different to the default (5222, or 5223 for SSL)." },
+            { "tls force",         "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
+            { "tls allow",         "Use TLS for the connection if it is available." },
+            { "tls disable",       "Disable TLS for the connection." })
         CMD_EXAMPLES(
             "/connect",
             "/connect myuser@gmail.com",
             "/connect myuser@mycompany.com server talk.google.com",
             "/connect bob@someplace port 5678",
+            "/connect me@localhost.test.org server 127.0.0.1 tls disable",
             "/connect me@chatty server chatty.com port 5443")
         },
 
@@ -1491,6 +1495,7 @@ static struct cmd_t command_defs[] =
             "/account set <account> otr <policy>",
             "/account set <account> pgpkeyid <pgpkeyid>",
             "/account set <account> startscript <script>",
+            "/account set <account> tls force|allow|disable",
             "/account clear <account> password",
             "/account clear <account> eval_password",
             "/account clear <account> server",
@@ -1525,6 +1530,9 @@ static struct cmd_t command_defs[] =
             { "set <account> otr <policy>",             "Override global OTR policy for this account, see /otr." },
             { "set <account> pgpkeyid <pgpkeyid>",      "Set the ID of the PGP key for this account, see /pgp." },
             { "set <account> startscript <script>",     "Set the script to execute after connecting." },
+            { "set <account> tls force",                "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
+            { "set <account> tls allow",                "Use TLS for the connection if it is available." },
+            { "set <account> tls disable",              "Disable TLS for the connection." },
             { "clear <account> server",                 "Remove the server setting for this account." },
             { "clear <account> port",                   "Remove the port setting for this account." },
             { "clear <account> password",               "Remove the password setting for this account." },
@@ -1753,6 +1761,7 @@ static Autocomplete otr_ac;
 static Autocomplete otr_log_ac;
 static Autocomplete otr_policy_ac;
 static Autocomplete connect_property_ac;
+static Autocomplete tls_property_ac;
 static Autocomplete statuses_ac;
 static Autocomplete statuses_setting_ac;
 static Autocomplete alias_ac;
@@ -1944,6 +1953,7 @@ cmd_init(void)
     autocomplete_add(account_set_ac, "otr");
     autocomplete_add(account_set_ac, "pgpkeyid");
     autocomplete_add(account_set_ac, "startscript");
+    autocomplete_add(account_set_ac, "tls");
 
     account_clear_ac = autocomplete_new();
     autocomplete_add(account_clear_ac, "password");
@@ -2075,6 +2085,12 @@ cmd_init(void)
     connect_property_ac = autocomplete_new();
     autocomplete_add(connect_property_ac, "server");
     autocomplete_add(connect_property_ac, "port");
+    autocomplete_add(connect_property_ac, "tls");
+
+    tls_property_ac = autocomplete_new();
+    autocomplete_add(tls_property_ac, "force");
+    autocomplete_add(tls_property_ac, "allow");
+    autocomplete_add(tls_property_ac, "disable");
 
     join_property_ac = autocomplete_new();
     autocomplete_add(join_property_ac, "nick");
@@ -2249,6 +2265,7 @@ cmd_uninit(void)
     autocomplete_free(otr_log_ac);
     autocomplete_free(otr_policy_ac);
     autocomplete_free(connect_property_ac);
+    autocomplete_free(tls_property_ac);
     autocomplete_free(statuses_ac);
     autocomplete_free(statuses_setting_ac);
     autocomplete_free(alias_ac);
@@ -2435,6 +2452,7 @@ cmd_reset_autocomplete(ProfWin *window)
     autocomplete_reset(otr_log_ac);
     autocomplete_reset(otr_policy_ac);
     autocomplete_reset(connect_property_ac);
+    autocomplete_reset(tls_property_ac);
     autocomplete_reset(statuses_ac);
     autocomplete_reset(statuses_setting_ac);
     autocomplete_reset(alias_ac);
@@ -3786,7 +3804,7 @@ _connect_autocomplete(ProfWin *window, const char * const input)
     char *found = NULL;
     gboolean result = FALSE;
 
-    gchar **args = parse_args(input, 2, 4, &result);
+    gchar **args = parse_args(input, 2, 6, &result);
 
     if ((strncmp(input, "/connect", 8) == 0) && (result == TRUE)) {
         GString *beginning = g_string_new("/connect ");
@@ -3796,6 +3814,12 @@ _connect_autocomplete(ProfWin *window, const char * const input)
             g_string_append(beginning, args[1]);
             g_string_append(beginning, " ");
             g_string_append(beginning, args[2]);
+            if (args[3] && args[4]) {
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[3]);
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[4]);
+            }
         }
         found = autocomplete_param_with_ac(input, beginning->str, connect_property_ac, TRUE);
         g_string_free(beginning, TRUE);
@@ -3807,6 +3831,46 @@ _connect_autocomplete(ProfWin *window, const char * const input)
 
     g_strfreev(args);
 
+    result = FALSE;
+    args = parse_args(input, 2, 7, &result);
+
+    if ((strncmp(input, "/connect", 8) == 0) && (result == TRUE)) {
+        GString *beginning = g_string_new("/connect ");
+        g_string_append(beginning, args[0]);
+        int curr = 0;
+        if (args[1]) {
+            g_string_append(beginning, " ");
+            g_string_append(beginning, args[1]);
+            curr = 1;
+            if (args[2] && args[3]) {
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[2]);
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[3]);
+                curr = 3;
+                if (args[4] && args[5]) {
+                    g_string_append(beginning, " ");
+                    g_string_append(beginning, args[4]);
+                    g_string_append(beginning, " ");
+                    g_string_append(beginning, args[5]);
+                    curr = 5;
+                }
+            }
+        }
+        if (curr != 0 && (g_strcmp0(args[curr], "tls") == 0)) {
+            found = autocomplete_param_with_ac(input, beginning->str, tls_property_ac, TRUE);
+            g_string_free(beginning, TRUE);
+            if (found) {
+                g_strfreev(args);
+                return found;
+            }
+        } else {
+            g_string_free(beginning, TRUE);
+        }
+    }
+
+    g_strfreev(args);
+
     found = autocomplete_param_with_func(input, "/connect", accounts_find_enabled);
     if (found) {
         return found;
@@ -3897,6 +3961,15 @@ _account_autocomplete(ProfWin *window, const char * const input)
                 g_strfreev(args);
                 return found;
             }
+        } else if ((g_strv_length(args) > 3) && (g_strcmp0(args[2], "tls")) == 0) {
+            g_string_append(beginning, " ");
+            g_string_append(beginning, args[2]);
+            found = autocomplete_param_with_ac(input, beginning->str, tls_property_ac, TRUE);
+            g_string_free(beginning, TRUE);
+            if (found) {
+                g_strfreev(args);
+                return found;
+            }
 #ifdef HAVE_LIBGPGME
         } else if ((g_strv_length(args) > 3) && (g_strcmp0(args[2], "pgpkeyid")) == 0) {
             g_string_append(beginning, " ");
diff --git a/src/command/commands.c b/src/command/commands.c
index 370c466c..c37af0c7 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -255,7 +255,7 @@ cmd_connect(ProfWin *window, const char * const command, gchar **args)
         return TRUE;
     }
 
-    gchar *opt_keys[] = { "server", "port", NULL };
+    gchar *opt_keys[] = { "server", "port", "tls", NULL };
     gboolean parsed;
 
     GHashTable *options = parse_options(&args[args[0] ? 1 : 0], opt_keys, &parsed);
@@ -267,6 +267,16 @@ cmd_connect(ProfWin *window, const char * const command, gchar **args)
 
     char *altdomain = g_hash_table_lookup(options, "server");
 
+    char *tls_policy = g_hash_table_lookup(options, "tls");
+    if (tls_policy &&
+            (g_strcmp0(tls_policy, "force") != 0) &&
+            (g_strcmp0(tls_policy, "allow") != 0) &&
+            (g_strcmp0(tls_policy, "disable") != 0)) {
+        cons_bad_cmd_usage(command);
+        cons_show("");
+        return TRUE;
+    }
+
     int port = 0;
     if (g_hash_table_contains(options, "port")) {
         char *port_str = g_hash_table_lookup(options, "port");
@@ -334,7 +344,7 @@ cmd_connect(ProfWin *window, const char * const command, gchar **args)
     } else {
         jid = strdup(lower);
         char *passwd = ui_ask_password();
-        conn_status = cl_ev_connect_jid(jid, passwd, altdomain, port);
+        conn_status = cl_ev_connect_jid(jid, passwd, altdomain, port, tls_policy);
         free(passwd);
     }
 
@@ -386,7 +396,7 @@ cmd_account(ProfWin *window, const char * const command, gchar **args)
         if (account_name == NULL) {
             cons_bad_cmd_usage(command);
         } else {
-            accounts_add(account_name, NULL, 0);
+            accounts_add(account_name, NULL, 0, NULL);
             cons_show("Account created.");
             cons_show("");
         }
@@ -590,6 +600,16 @@ cmd_account(ProfWin *window, const char * const command, gchar **args)
                 } else if (strcmp(property, "startscript") == 0) {
                     accounts_set_script_start(account_name, value);
                     cons_show("Updated start script for account %s: %s", account_name, value);
+                } else if (strcmp(property, "tls") == 0) {
+                    if ((g_strcmp0(value, "force") != 0)
+                            && (g_strcmp0(value, "allow") != 0)
+                            && (g_strcmp0(value, "disable") != 0)) {
+                        cons_show("TLS policy must be one of: force, allow or disable.");
+                    } else {
+                        accounts_set_tls_policy(account_name, value);
+                        cons_show("Updated TLS policy for account %s: %s", account_name, value);
+                        cons_show("");
+                    }
                 } else if (valid_resource_presence_string(property)) {
                     int intval;
                     char *err_msg = NULL;
diff --git a/src/config/account.c b/src/config/account.c
index 71b05a96..534d1138 100644
--- a/src/config/account.c
+++ b/src/config/account.c
@@ -51,7 +51,8 @@ account_new(const gchar * const name, const gchar * const jid,
     int priority_away, int priority_xa, int priority_dnd,
     const gchar * const muc_service, const gchar * const muc_nick,
     const gchar * const otr_policy, GList *otr_manual, GList *otr_opportunistic,
-    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript)
+    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript,
+    gchar *tls_policy)
 {
     ProfAccount *new_account = malloc(sizeof(ProfAccount));
 
@@ -156,6 +157,12 @@ account_new(const gchar * const name, const gchar * const jid,
         new_account->startscript = NULL;
     }
 
+    if (tls_policy != NULL) {
+        new_account->tls_policy = strdup(tls_policy);
+    } else {
+        new_account->tls_policy = NULL;
+    }
+
     return new_account;
 }
 
@@ -224,6 +231,7 @@ account_free(ProfAccount *account)
         free(account->otr_policy);
         free(account->pgp_keyid);
         free(account->startscript);
+        free(account->tls_policy);
         g_list_free_full(account->otr_manual, g_free);
         g_list_free_full(account->otr_opportunistic, g_free);
         g_list_free_full(account->otr_always, g_free);
diff --git a/src/config/account.h b/src/config/account.h
index d2b55569..bb5f27ce 100644
--- a/src/config/account.h
+++ b/src/config/account.h
@@ -61,6 +61,7 @@ typedef struct prof_account_t {
     GList *otr_always;
     gchar *pgp_keyid;
     gchar *startscript;
+    gchar *tls_policy;
 } ProfAccount;
 
 ProfAccount* account_new(const gchar * const name, const gchar * const jid,
@@ -70,7 +71,8 @@ ProfAccount* account_new(const gchar * const name, const gchar * const jid,
     int priority_away, int priority_xa, int priority_dnd,
     const gchar * const muc_service, const gchar * const muc_nick,
     const gchar * const otr_policy, GList *otr_manual, GList *otr_opportunistic,
-    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript);
+    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript,
+    gchar *tls_policy);
 char* account_create_full_jid(ProfAccount *account);
 gboolean account_eval_password(ProfAccount *account);
 void account_free(ProfAccount *account);
diff --git a/src/config/accounts.c b/src/config/accounts.c
index 7ae34983..43239d76 100644
--- a/src/config/accounts.c
+++ b/src/config/accounts.c
@@ -120,7 +120,7 @@ accounts_reset_enabled_search(void)
 }
 
 void
-accounts_add(const char *account_name, const char *altdomain, const int port)
+accounts_add(const char *account_name, const char *altdomain, const int port, const char *const tls_policy)
 {
     // set account name and resource
     const char *barejid = account_name;
@@ -144,6 +144,9 @@ accounts_add(const char *account_name, const char *altdomain, const int port)
         if (port != 0) {
             g_key_file_set_integer(accounts, account_name, "port", port);
         }
+        if (tls_policy) {
+            g_key_file_set_string(accounts, account_name, "tls.policy", tls_policy);
+        }
 
         Jid *jidp = jid_create(barejid);
         GString *muc_service = g_string_new("conference.");
@@ -269,11 +272,19 @@ accounts_get_account(const char * const name)
             startscript = g_key_file_get_string(accounts, name, "script.start", NULL);
         }
 
+        gchar *tls_policy = g_key_file_get_string(accounts, name, "tls.policy", NULL);
+        if (tls_policy && ((g_strcmp0(tls_policy, "force") != 0) &&
+                (g_strcmp0(tls_policy, "allow") != 0) &&
+                (g_strcmp0(tls_policy, "disable") != 0))) {
+            g_free(tls_policy);
+            tls_policy = NULL;
+        }
+
         ProfAccount *new_account = account_new(name, jid, password, eval_password, enabled,
             server, port, resource, last_presence, login_presence,
             priority_online, priority_chat, priority_away, priority_xa,
             priority_dnd, muc_service, muc_nick, otr_policy, otr_manual,
-            otr_opportunistic, otr_always, pgp_keyid, startscript);
+            otr_opportunistic, otr_always, pgp_keyid, startscript, tls_policy);
 
         g_free(jid);
         g_free(password);
@@ -287,6 +298,7 @@ accounts_get_account(const char * const name)
         g_free(otr_policy);
         g_free(pgp_keyid);
         g_free(startscript);
+        g_free(tls_policy);
 
         return new_account;
     }
@@ -354,7 +366,8 @@ accounts_rename(const char * const account_name, const char * const new_name)
         "otr.always",
         "pgp.keyid",
         "last.activity",
-        "script.start"
+        "script.start",
+        "tls.policy"
     };
 
     int i;
@@ -678,6 +691,15 @@ accounts_set_otr_policy(const char * const account_name, const char * const valu
     }
 }
 
+void
+accounts_set_tls_policy(const char * const account_name, const char * const value)
+{
+    if (accounts_account_exists(account_name)) {
+        g_key_file_set_string(accounts, account_name, "tls.policy", value);
+        _save_accounts();
+    }
+}
+
 void
 accounts_set_priority_online(const char * const account_name, const gint value)
 {
diff --git a/src/config/accounts.h b/src/config/accounts.h
index 610ed6a3..bd9d9307 100644
--- a/src/config/accounts.h
+++ b/src/config/accounts.h
@@ -47,7 +47,7 @@ char * accounts_find_all(const char * const prefix);
 char * accounts_find_enabled(const char * const prefix);
 void accounts_reset_all_search(void);
 void accounts_reset_enabled_search(void);
-void accounts_add(const char *jid, const char *altdomain, const int port);
+void accounts_add(const char *jid, const char *altdomain, const int port, const char *const tls_policy);
 int  accounts_remove(const char *jid);
 gchar** accounts_get_list(void);
 ProfAccount* accounts_get_account(const char * const name);
@@ -65,6 +65,7 @@ void accounts_set_eval_password(const char * const account_name, const char * co
 void accounts_set_muc_service(const char * const account_name, const char * const value);
 void accounts_set_muc_nick(const char * const account_name, const char * const value);
 void accounts_set_otr_policy(const char * const account_name, const char * const value);
+void accounts_set_tls_policy(const char * const account_name, const char * const value);
 void accounts_set_last_presence(const char * const account_name, const char * const value);
 void accounts_set_last_status(const char * const account_name, const char * const value);
 void accounts_set_last_activity(const char * const account_name);
diff --git a/src/event/client_events.c b/src/event/client_events.c
index c3e5070d..8f744c7e 100644
--- a/src/event/client_events.c
+++ b/src/event/client_events.c
@@ -48,10 +48,10 @@
 #endif
 
 jabber_conn_status_t
-cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port)
+cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy)
 {
     cons_show("Connecting as %s", jid);
-    return jabber_connect_with_details(jid, passwd, altdomain, port);
+    return jabber_connect_with_details(jid, passwd, altdomain, port, tls_policy);
 }
 
 jabber_conn_status_t
diff --git a/src/event/client_events.h b/src/event/client_events.h
index ea1bdef7..dbd053f3 100644
--- a/src/event/client_events.h
+++ b/src/event/client_events.h
@@ -35,7 +35,7 @@
 #ifndef CLIENT_EVENTS_H
 #define CLIENT_EVENTS_H
 
-jabber_conn_status_t cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port);
+jabber_conn_status_t cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy);
 jabber_conn_status_t cl_ev_connect_account(ProfAccount *account);
 
 void cl_ev_presence_send(const resource_presence_t presence_type, const char * const msg, const int idle_secs);
diff --git a/src/ui/console.c b/src/ui/console.c
index 37316d83..bda808c7 100644
--- a/src/ui/console.c
+++ b/src/ui/console.c
@@ -707,6 +707,9 @@ cons_show_account(ProfAccount *account)
     if (account->muc_nick) {
         cons_show   ("muc nick          : %s", account->muc_nick);
     }
+    if (account->tls_policy) {
+        cons_show   ("TLS policy        : %s", account->tls_policy);
+    }
     if (account->last_presence) {
         cons_show   ("Last presence     : %s", account->last_presence);
     }
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index fa29a70e..4b3ef803 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -87,6 +87,7 @@ static struct {
     char *passwd;
     char *altdomain;
     int port;
+    char *tls_policy;
 } saved_details;
 
 static GTimer *reconnect_timer;
@@ -101,7 +102,7 @@ static void _xmpp_file_logger(void * const userdata,
 static xmpp_log_t * _xmpp_get_file_logger();
 
 static jabber_conn_status_t _jabber_connect(const char * const fulljid,
-    const char * const passwd, const char * const altdomain, int port);
+    const char * const passwd, const char * const altdomain, int port, const char *const tls_policy);
 
 static void _jabber_reconnect(void);
 
@@ -149,7 +150,7 @@ jabber_connect_with_account(const ProfAccount * const account)
     // connect with fulljid
     Jid *jidp = jid_create_from_bare_and_resource(account->jid, account->resource);
     jabber_conn_status_t result =
-      _jabber_connect(jidp->fulljid, account->password, account->server, account->port);
+      _jabber_connect(jidp->fulljid, account->password, account->server, account->port, account->tls_policy);
     jid_destroy(jidp);
 
     return result;
@@ -157,7 +158,7 @@ jabber_connect_with_account(const ProfAccount * const account)
 
 jabber_conn_status_t
 jabber_connect_with_details(const char * const jid,
-    const char * const passwd, const char * const altdomain, const int port)
+    const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy)
 {
     assert(jid != NULL);
     assert(passwd != NULL);
@@ -175,6 +176,11 @@ jabber_connect_with_details(const char * const jid,
     } else {
         saved_details.port = 0;
     }
+    if (tls_policy) {
+        saved_details.tls_policy = strdup(tls_policy);
+    } else {
+        saved_details.tls_policy = NULL;
+    }
 
     // use 'profanity' when no resourcepart in provided jid
     Jid *jidp = jid_create(jid);
@@ -189,7 +195,12 @@ jabber_connect_with_details(const char * const jid,
 
     // connect with fulljid
     log_info("Connecting without account, JID: %s", saved_details.jid);
-    return _jabber_connect(saved_details.jid, passwd, saved_details.altdomain, saved_details.port);
+    return _jabber_connect(
+        saved_details.jid,
+        passwd,
+        saved_details.altdomain,
+        saved_details.port,
+        saved_details.tls_policy);
 }
 
 void
@@ -363,6 +374,7 @@ _connection_free_saved_details(void)
     FREE_SET_NULL(saved_details.jid);
     FREE_SET_NULL(saved_details.passwd);
     FREE_SET_NULL(saved_details.altdomain);
+    FREE_SET_NULL(saved_details.tls_policy);
 }
 
 void
@@ -384,7 +396,7 @@ _connection_certfail_cb(const char * const certname, const char * const certfp,
 
 static jabber_conn_status_t
 _jabber_connect(const char * const fulljid, const char * const passwd,
-    const char * const altdomain, int port)
+    const char * const altdomain, int port, const char *const tls_policy)
 {
     assert(fulljid != NULL);
     assert(passwd != NULL);
@@ -429,6 +441,12 @@ _jabber_connect(const char * const fulljid, const char * const passwd,
     xmpp_conn_set_jid(jabber_conn.conn, fulljid);
     xmpp_conn_set_pass(jabber_conn.conn, passwd);
 
+    if (!tls_policy || (g_strcmp0(tls_policy, "force") == 0)) {
+        xmpp_conn_set_flags(jabber_conn.conn, XMPP_CONN_FLAG_MANDATORY_TLS);
+    } else if (g_strcmp0(tls_policy, "disable") == 0) {
+        xmpp_conn_set_flags(jabber_conn.conn, XMPP_CONN_FLAG_DISABLE_TLS);
+    }
+
 #ifdef HAVE_LIBMESODE
     char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
     if (cert_path) {
@@ -463,7 +481,7 @@ _jabber_reconnect(void)
     } else {
         char *fulljid = create_fulljid(account->jid, account->resource);
         log_debug("Attempting reconnect with account %s", account->name);
-        _jabber_connect(fulljid, saved_account.passwd, account->server, account->port);
+        _jabber_connect(fulljid, saved_account.passwd, account->server, account->port, account->tls_policy);
         free(fulljid);
         g_timer_start(reconnect_timer);
     }
@@ -489,7 +507,7 @@ _connection_handler(xmpp_conn_t * const conn,
         // logged in without account, use details to create new account
         } else {
             log_debug("Connection handler: logged in with jid: %s", saved_details.name);
-            accounts_add(saved_details.name, saved_details.altdomain, saved_details.port);
+            accounts_add(saved_details.name, saved_details.altdomain, saved_details.port, saved_details.tls_policy);
             accounts_set_jid(saved_details.name, saved_details.jid);
 
             sv_ev_login_account_success(saved_details.name, secured);
diff --git a/src/xmpp/xmpp.h b/src/xmpp/xmpp.h
index ddf83c64..43106fa6 100644
--- a/src/xmpp/xmpp.h
+++ b/src/xmpp/xmpp.h
@@ -139,7 +139,7 @@ typedef struct data_form_t {
 // connection functions
 void jabber_init(void);
 jabber_conn_status_t jabber_connect_with_details(const char * const jid,
-    const char * const passwd, const char * const altdomain, const int port);
+    const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy);
 jabber_conn_status_t jabber_connect_with_account(const ProfAccount * const account);
 void jabber_disconnect(void);
 void jabber_shutdown(void);
diff --git a/tests/functionaltests/proftest.c b/tests/functionaltests/proftest.c
index 54837c9f..e3c80501 100644
--- a/tests/functionaltests/proftest.c
+++ b/tests/functionaltests/proftest.c
@@ -244,7 +244,7 @@ prof_connect_with_roster(char *roster)
         "</presence>"
     );
 
-    prof_input("/connect stabber@localhost server 127.0.0.1 port 5230");
+    prof_input("/connect stabber@localhost server 127.0.0.1 port 5230 tls allow");
     prof_input("password");
 
     // Allow time for profanity to connect
diff --git a/tests/functionaltests/test_connect.c b/tests/functionaltests/test_connect.c
index 9abd1eff..b14d7e85 100644
--- a/tests/functionaltests/test_connect.c
+++ b/tests/functionaltests/test_connect.c
@@ -50,7 +50,7 @@ connect_jid_requests_bookmarks(void **state)
 void
 connect_bad_password(void **state)
 {
-    prof_input("/connect stabber@localhost server 127.0.0.1 port 5230");
+    prof_input("/connect stabber@localhost server 127.0.0.1 port 5230 tls allow");
     prof_input("badpassword");
 
     assert_true(prof_output_exact("Login failed."));
diff --git a/tests/unittests/config/stub_accounts.c b/tests/unittests/config/stub_accounts.c
index 8d552997..2ea35cb7 100644
--- a/tests/unittests/config/stub_accounts.c
+++ b/tests/unittests/config/stub_accounts.c
@@ -126,6 +126,7 @@ void accounts_set_last_status(const char * const account_name, const char * cons
 void accounts_set_last_activity(const char * const account_name) {}
 void accounts_set_pgp_keyid(const char * const account_name, const char * const value) {}
 void accounts_set_script_start(const char * const account_name, const char * const value) {}
+void accounts_set_tls_policy(const char * const account_name, const char * const value) {}
 
 void accounts_set_login_presence(const char * const account_name, const char * const value)
 {
diff --git a/tests/unittests/test_cmd_account.c b/tests/unittests/test_cmd_account.c
index 4d219a1a..88ed2070 100644
--- a/tests/unittests/test_cmd_account.c
+++ b/tests/unittests/test_cmd_account.c
@@ -33,7 +33,7 @@ void cmd_account_shows_usage_when_not_connected_and_no_args(void **state)
 void cmd_account_shows_account_when_connected_and_no_args(void **state)
 {
     ProfAccount *account = account_new("jabber_org", "me@jabber.org", NULL, NULL,
-        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
     gchar *args[] = { NULL };
 
     will_return(jabber_get_connection_status, JABBER_CONNECTED);
@@ -93,7 +93,7 @@ void cmd_account_show_shows_account_when_exists(void **state)
 {
     gchar *args[] = { "show", "account_name", NULL };
     ProfAccount *account = account_new("jabber_org", "me@jabber.org", NULL, NULL,
-        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     expect_any(accounts_get_account, name);
     will_return(accounts_get_account, account);
@@ -409,7 +409,7 @@ void cmd_account_set_password_sets_password(void **state)
 {
     gchar *args[] = { "set", "a_account", "password", "a_password", NULL };
     ProfAccount *account = account_new("a_account", NULL, NULL, NULL,
-    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
 
     expect_any(accounts_account_exists, account_name);
@@ -432,7 +432,7 @@ void cmd_account_set_eval_password_sets_eval_password(void **state)
 {
     gchar *args[] = { "set", "a_account", "eval_password", "a_password", NULL };
     ProfAccount *account = account_new("a_account", NULL, NULL, NULL,
-    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     expect_any(accounts_account_exists, account_name);
     will_return(accounts_account_exists, TRUE);
@@ -453,7 +453,7 @@ void cmd_account_set_eval_password_sets_eval_password(void **state)
 void cmd_account_set_password_when_eval_password_set(void **state) {
     gchar *args[] = { "set", "a_account", "password", "a_password", NULL };
     ProfAccount *account = account_new("a_account", NULL, NULL, "a_password",
-    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     expect_any(accounts_account_exists, account_name);
     will_return(accounts_account_exists, TRUE);
@@ -470,7 +470,7 @@ void cmd_account_set_password_when_eval_password_set(void **state) {
 void cmd_account_set_eval_password_when_password_set(void **state) {
     gchar *args[] = { "set", "a_account", "eval_password", "a_password", NULL };
     ProfAccount *account = account_new("a_account", NULL, "a_password", NULL,
-    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+    TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     expect_any(accounts_account_exists, account_name);
     will_return(accounts_account_exists, TRUE);
@@ -800,7 +800,7 @@ void cmd_account_set_priority_updates_presence_when_account_connected_with_prese
 
 #ifdef HAVE_LIBGPGME
     ProfAccount *account = account_new("a_account", "a_jid", NULL, NULL, TRUE, NULL, 5222, "a_resource",
-        NULL, NULL, 10, 10, 10, 10, 10, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        NULL, NULL, 10, 10, 10, 10, 10, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     will_return(jabber_get_account_name, "a_account");
     expect_any(accounts_get_account, name);
diff --git a/tests/unittests/test_cmd_connect.c b/tests/unittests/test_cmd_connect.c
index 197a7505..5a1cbf45 100644
--- a/tests/unittests/test_cmd_connect.c
+++ b/tests/unittests/test_cmd_connect.c
@@ -121,7 +121,7 @@ void cmd_connect_asks_password_when_not_in_account(void **state)
 {
     gchar *args[] = { "jabber_org", NULL };
     ProfAccount *account = account_new("jabber_org", "me@jabber.org", NULL, NULL,
-        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     will_return(jabber_get_connection_status, JABBER_DISCONNECTED);
 
@@ -368,7 +368,7 @@ void cmd_connect_shows_message_when_connecting_with_account(void **state)
 {
     gchar *args[] = { "jabber_org", NULL };
     ProfAccount *account = account_new("jabber_org", "user@jabber.org", "password", NULL,
-        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     will_return(jabber_get_connection_status, JABBER_DISCONNECTED);
 
@@ -388,7 +388,7 @@ void cmd_connect_connects_with_account(void **state)
 {
     gchar *args[] = { "jabber_org", NULL };
     ProfAccount *account = account_new("jabber_org", "me@jabber.org", "password", NULL,
-        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     will_return(jabber_get_connection_status, JABBER_DISCONNECTED);
 
diff --git a/tests/unittests/test_cmd_join.c b/tests/unittests/test_cmd_join.c
index 684e66ff..92bb17e4 100644
--- a/tests/unittests/test_cmd_join.c
+++ b/tests/unittests/test_cmd_join.c
@@ -70,7 +70,7 @@ void cmd_join_uses_account_mucservice_when_no_service_specified(void **state)
     char *expected_room = "room@conference.server.org";
     gchar *args[] = { room, "nick", nick, NULL };
     ProfAccount *account = account_new(account_name, "user@server.org", NULL, NULL,
-        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, account_service, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, account_service, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     muc_init();
 
@@ -95,7 +95,7 @@ void cmd_join_uses_supplied_nick(void **state)
     char *nick = "bob";
     gchar *args[] = { room, "nick", nick, NULL };
     ProfAccount *account = account_new(account_name, "user@server.org", NULL, NULL,
-        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     muc_init();
 
@@ -120,7 +120,7 @@ void cmd_join_uses_account_nick_when_not_supplied(void **state)
     char *account_nick = "a_nick";
     gchar *args[] = { room, NULL };
     ProfAccount *account = account_new(account_name, "user@server.org", NULL, NULL,
-        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, NULL, account_nick, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, NULL, account_nick, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     muc_init();
 
@@ -148,7 +148,7 @@ void cmd_join_uses_password_when_supplied(void **state)
     char *expected_room = "room@a_service";
     gchar *args[] = { room, "password", password, NULL };
     ProfAccount *account = account_new(account_name, "user@server.org", NULL, NULL,
-        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, account_service, account_nick, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, "laptop", NULL, NULL, 0, 0, 0, 0, 0, account_service, account_nick, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     muc_init();
 
diff --git a/tests/unittests/test_cmd_otr.c b/tests/unittests/test_cmd_otr.c
index a1a852e1..f3fff83c 100644
--- a/tests/unittests/test_cmd_otr.c
+++ b/tests/unittests/test_cmd_otr.c
@@ -209,7 +209,7 @@ void cmd_otr_gen_generates_key_for_connected_account(void **state)
     gchar *args[] = { "gen", NULL };
     char *account_name = "myaccount";
     ProfAccount *account = account_new(account_name, "me@jabber.org", NULL, NULL,
-        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
+        TRUE, NULL, 0, NULL, NULL, NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
 
     will_return(jabber_get_connection_status, JABBER_CONNECTED);
     will_return(jabber_get_account_name, account_name);
diff --git a/tests/unittests/xmpp/stub_xmpp.c b/tests/unittests/xmpp/stub_xmpp.c
index ba1f2e34..6abec1bf 100644
--- a/tests/unittests/xmpp/stub_xmpp.c
+++ b/tests/unittests/xmpp/stub_xmpp.c
@@ -9,7 +9,7 @@
 void jabber_init(void) {}
 
 jabber_conn_status_t jabber_connect_with_details(const char * const jid,
-    const char * const passwd, const char * const altdomain, const int port)
+    const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy)
 {
     check_expected(jid);
     check_expected(passwd);